Re: [MBZ] OT: Internet filtering
Sorry it didnt work out for you Scott. I just updated mine yesterday. Followed the instructions in the thread and it worked fine. I am on Spectrum cable. I run a cloud key but I do all this from inside, so that should not matter. Just putty in and cut and paste the commands. I am not super savvy about this stuff so cannot really comment on your issues. Regards, Karl On Mon, Sep 14, 2020, 1:41 AM Scott Ritchey via Mercedes < mercedes@okiebenz.com> wrote: > Karl, et al., Wanted to give feedback how this turned out. > At first, I tried to use OpenDNS which is super-simple; just point the > router to the OpenDNS IPs. After MUCH frustration, I discovered that > Spectrum/Time Warner (commercial account) hijacks DNS requests (no matter > how the router DNS is set) and points them to Time Warner servers. It may > be possible to opt out of this hijack situation but so far I haven't found > a Spectrum tech that can/will opt me out. > I had a spare Unifi Security Gateway (USG) on hand so I'm using that. The > USG OS (same as EdgeRouter) includes SquibGuard which does DNS filtering. > In the USG, SquibGuard uses SSH command line instructions, at least until > the Unifi Controller GUI can do this (maybe not in my lifetime). > In retrospect, an EdgeRouter would have been a better choice because the > USG requires a Unifi Controller software patch (.json file) or the > filtering setup won't survive provisioning cycle. > Thanks for the help but I was boxed-in by Spectrum and the existing Unifi > hardware and that limited my options. > Scott > > > -Original Message- > > From: Mercedes [mailto:mercedes-boun...@okiebenz.com] On Behalf Of Karl > > Wittnebel via Mercedes > > Sent: Wednesday, August 26, 2020 1:23 PM > > To: Mercedes Discussion List > > Cc: Karl Wittnebel > > Subject: Re: [MBZ] OT: Internet filtering > > > > Honestly if you read that thread I linked, it tells you all the steps. > If I can > > manage it, anyone can (I have zero experience with this stuff apart from > trying > > to run openfoam on starcluster from a linux desktop awhile back). I > think I > > used Putty and just executed the commands from that thread. > > > > Unifi mobile app and web interfaces are great/simple and give you good > > analytics. You can block individual devices. I shut my kids ipads off > all the time > > from work and turn them back on for school on the morning, for instance. > > > > You can have it auto update the blacklists with a script so it persists > when the > > device updates itself. > > > > Personally I like blacklisting for a church site. People can look at > youtube and > > fb somewhere else. > > > > On Tue, Aug 25, 2020, 11:36 PM Scott Ritchey via Mercedes < > > mercedes@okiebenz.com> wrote: > > > > > Kark, Thanks. I have some studying to do. > > > > > > I will have a Unifi Security Gateway there eventually, probably after > > > when the weather cools and the attic is more bearable (need to run > > > cables). I was hoping thr USGhelp (I mean it is a security gateway). > > > Pi-Hole sounds very promising. The USG looked simple until I got into > it. > > > > > > > -Original Message- > > > > From: Mercedes [mailto:mercedes-boun...@okiebenz.com] On Behalf Of > > > > Karl Wittnebel via Mercedes > > > > Sent: Tuesday, August 25, 2020 1:14 PM > > > > To: Mercedes Discussion List > > > > Cc: Karl Wittnebel > > > > Subject: Re: [MBZ] OT: Internet filtering > > > > > > > > Here is a helpful link: > > > > > > > > https://community.ui.com/questions/HowTo-Ad-blocking-using-dnsmasq- > > d > > > > - > > > > instead-of-etc-hosts/1598a96d-28af-4f3f-ab96-97bccdb897b3#M66463 > > > > > > > > On Tue, Aug 25, 2020, 9:39 AM Karl Wittnebel > > > > wrote: > > > > > > > > > Get a pi hole. I run something similar at home on a unifi security > > > > > gateway: > > > > > > > > > > > > > > > https://community.ui.com/questions/HowTo-Ad-blocking-using- > > dnsmasq > > > > > -d- > > > > i > > > > > nstead-of-etc-hosts/1598a96d-28af-4f3f-ab96-97bccdb897b3#M66463 > > > > > > > > > > https://en.m.wikipedia.org/wiki/Pi-hole > > > > > > > > > > Anyway you can block whatever you want. E.g. facebook, youtube. It > > > > > is a scorched earth approach but it works well. You can configure > > > > > i
Re: [MBZ] OT: Internet filtering
Karl, et al., Wanted to give feedback how this turned out. At first, I tried to use OpenDNS which is super-simple; just point the router to the OpenDNS IPs. After MUCH frustration, I discovered that Spectrum/Time Warner (commercial account) hijacks DNS requests (no matter how the router DNS is set) and points them to Time Warner servers. It may be possible to opt out of this hijack situation but so far I haven't found a Spectrum tech that can/will opt me out. I had a spare Unifi Security Gateway (USG) on hand so I'm using that. The USG OS (same as EdgeRouter) includes SquibGuard which does DNS filtering. In the USG, SquibGuard uses SSH command line instructions, at least until the Unifi Controller GUI can do this (maybe not in my lifetime). In retrospect, an EdgeRouter would have been a better choice because the USG requires a Unifi Controller software patch (.json file) or the filtering setup won't survive provisioning cycle. Thanks for the help but I was boxed-in by Spectrum and the existing Unifi hardware and that limited my options. Scott > -Original Message- > From: Mercedes [mailto:mercedes-boun...@okiebenz.com] On Behalf Of Karl > Wittnebel via Mercedes > Sent: Wednesday, August 26, 2020 1:23 PM > To: Mercedes Discussion List > Cc: Karl Wittnebel > Subject: Re: [MBZ] OT: Internet filtering > > Honestly if you read that thread I linked, it tells you all the steps. If I > can > manage it, anyone can (I have zero experience with this stuff apart from > trying > to run openfoam on starcluster from a linux desktop awhile back). I think I > used Putty and just executed the commands from that thread. > > Unifi mobile app and web interfaces are great/simple and give you good > analytics. You can block individual devices. I shut my kids ipads off all the > time > from work and turn them back on for school on the morning, for instance. > > You can have it auto update the blacklists with a script so it persists when > the > device updates itself. > > Personally I like blacklisting for a church site. People can look at youtube > and > fb somewhere else. > > On Tue, Aug 25, 2020, 11:36 PM Scott Ritchey via Mercedes < > mercedes@okiebenz.com> wrote: > > > Kark, Thanks. I have some studying to do. > > > > I will have a Unifi Security Gateway there eventually, probably after > > when the weather cools and the attic is more bearable (need to run > > cables). I was hoping thr USGhelp (I mean it is a security gateway). > > Pi-Hole sounds very promising. The USG looked simple until I got into it. > > > > > -Original Message- > > > From: Mercedes [mailto:mercedes-boun...@okiebenz.com] On Behalf Of > > > Karl Wittnebel via Mercedes > > > Sent: Tuesday, August 25, 2020 1:14 PM > > > To: Mercedes Discussion List > > > Cc: Karl Wittnebel > > > Subject: Re: [MBZ] OT: Internet filtering > > > > > > Here is a helpful link: > > > > > > https://community.ui.com/questions/HowTo-Ad-blocking-using-dnsmasq- > d > > > - > > > instead-of-etc-hosts/1598a96d-28af-4f3f-ab96-97bccdb897b3#M66463 > > > > > > On Tue, Aug 25, 2020, 9:39 AM Karl Wittnebel > > > wrote: > > > > > > > Get a pi hole. I run something similar at home on a unifi security > > > > gateway: > > > > > > > > > > > > https://community.ui.com/questions/HowTo-Ad-blocking-using- > dnsmasq > > > > -d- > > > i > > > > nstead-of-etc-hosts/1598a96d-28af-4f3f-ab96-97bccdb897b3#M66463 > > > > > > > > https://en.m.wikipedia.org/wiki/Pi-hole > > > > > > > > Anyway you can block whatever you want. E.g. facebook, youtube. It > > > > is a scorched earth approach but it works well. You can configure > > > > it to auto update using various lists of ad servers and then > > > > customize > > website lists. > > > > > > > > If in a church, you should post a sign that internet access is > > > > restricted in case any docs are communicating with patients etc by > > > > internet so they can plan to be out of reach. Not such a bad > > > > thing, really. Just need to notify. Something like "restricted > > > > internet > > access only". > > > > > > > > > > > > > > > > On Sun, Aug 23, 2020, 4:59 AM Dan Penoff via Mercedes < > > > > mercedes@okiebenz.com> wrote: > > > > > > > >> Only thing I can suggest is: > > > >> > > > >> 1.) Set up a password that’s simple a
Re: [MBZ] OT: Internet filtering
Karl, Thanks again. I have a USG at home so I can use it to check this out when I get some time. Sounds perfect. > -Original Message- > From: Mercedes [mailto:mercedes-boun...@okiebenz.com] On Behalf Of Karl > Wittnebel via Mercedes > Sent: Wednesday, August 26, 2020 1:23 PM > To: Mercedes Discussion List > Cc: Karl Wittnebel > Subject: Re: [MBZ] OT: Internet filtering > > Honestly if you read that thread I linked, it tells you all the steps. If I > can > manage it, anyone can (I have zero experience with this stuff apart from > trying > to run openfoam on starcluster from a linux desktop awhile back). I think I > used Putty and just executed the commands from that thread. > > Unifi mobile app and web interfaces are great/simple and give you good > analytics. You can block individual devices. I shut my kids ipads off all the > time > from work and turn them back on for school on the morning, for instance. > > You can have it auto update the blacklists with a script so it persists when > the > device updates itself. > > Personally I like blacklisting for a church site. People can look at youtube > and > fb somewhere else. > > On Tue, Aug 25, 2020, 11:36 PM Scott Ritchey via Mercedes < > mercedes@okiebenz.com> wrote: > > > Kark, Thanks. I have some studying to do. > > > > I will have a Unifi Security Gateway there eventually, probably after > > when the weather cools and the attic is more bearable (need to run > > cables). I was hoping thr USGhelp (I mean it is a security gateway). > > Pi-Hole sounds very promising. The USG looked simple until I got into it. > > > > > -Original Message- > > > From: Mercedes [mailto:mercedes-boun...@okiebenz.com] On Behalf Of > > > Karl Wittnebel via Mercedes > > > Sent: Tuesday, August 25, 2020 1:14 PM > > > To: Mercedes Discussion List > > > Cc: Karl Wittnebel > > > Subject: Re: [MBZ] OT: Internet filtering > > > > > > Here is a helpful link: > > > > > > https://community.ui.com/questions/HowTo-Ad-blocking-using-dnsmasq- > d > > > - > > > instead-of-etc-hosts/1598a96d-28af-4f3f-ab96-97bccdb897b3#M66463 > > > > > > On Tue, Aug 25, 2020, 9:39 AM Karl Wittnebel > > > wrote: > > > > > > > Get a pi hole. I run something similar at home on a unifi security > > > > gateway: > > > > > > > > > > > > https://community.ui.com/questions/HowTo-Ad-blocking-using- > dnsmasq > > > > -d- > > > i > > > > nstead-of-etc-hosts/1598a96d-28af-4f3f-ab96-97bccdb897b3#M66463 > > > > > > > > https://en.m.wikipedia.org/wiki/Pi-hole > > > > > > > > Anyway you can block whatever you want. E.g. facebook, youtube. It > > > > is a scorched earth approach but it works well. You can configure > > > > it to auto update using various lists of ad servers and then > > > > customize > > website lists. > > > > > > > > If in a church, you should post a sign that internet access is > > > > restricted in case any docs are communicating with patients etc by > > > > internet so they can plan to be out of reach. Not such a bad > > > > thing, really. Just need to notify. Something like "restricted > > > > internet > > access only". > > > > > > > > > > > > > > > > On Sun, Aug 23, 2020, 4:59 AM Dan Penoff via Mercedes < > > > > mercedes@okiebenz.com> wrote: > > > > > > > >> Only thing I can suggest is: > > > >> > > > >> 1.) Set up a password that’s simple and tell the congregation > > > >> what it is; or, > > > >> > > > >> 2.) Get a consumer grade router in line with the existing access > > > >> point and use it’s parental controls feature to filter. > > > >> > > > >> I’ve got an Asus router I use for my internal network and it’s > > > >> got parental controls and filtering available as an option. > > > >> > > > >> -D > > > >> > > > >> > On Aug 23, 2020, at 2:38 AM, Scott Ritchey via Mercedes < > > > >> mercedes@okiebenz.com> wrote: > > > >> > > > > >> > The school's hot spot is on their own LAN, not my problem. > > > >> > > > > >> > There are many functions other than church services, typically > > > >> > in the >
Re: [MBZ] OT: Internet filtering
Honestly if you read that thread I linked, it tells you all the steps. If I can manage it, anyone can (I have zero experience with this stuff apart from trying to run openfoam on starcluster from a linux desktop awhile back). I think I used Putty and just executed the commands from that thread. Unifi mobile app and web interfaces are great/simple and give you good analytics. You can block individual devices. I shut my kids ipads off all the time from work and turn them back on for school on the morning, for instance. You can have it auto update the blacklists with a script so it persists when the device updates itself. Personally I like blacklisting for a church site. People can look at youtube and fb somewhere else. On Tue, Aug 25, 2020, 11:36 PM Scott Ritchey via Mercedes < mercedes@okiebenz.com> wrote: > Kark, Thanks. I have some studying to do. > > I will have a Unifi Security Gateway there eventually, probably after when > the weather cools and the attic is more bearable (need to run cables). I > was hoping thr USGhelp (I mean it is a security gateway). Pi-Hole sounds > very promising. The USG looked simple until I got into it. > > > -Original Message- > > From: Mercedes [mailto:mercedes-boun...@okiebenz.com] On Behalf Of Karl > > Wittnebel via Mercedes > > Sent: Tuesday, August 25, 2020 1:14 PM > > To: Mercedes Discussion List > > Cc: Karl Wittnebel > > Subject: Re: [MBZ] OT: Internet filtering > > > > Here is a helpful link: > > > > https://community.ui.com/questions/HowTo-Ad-blocking-using-dnsmasq-d- > > instead-of-etc-hosts/1598a96d-28af-4f3f-ab96-97bccdb897b3#M66463 > > > > On Tue, Aug 25, 2020, 9:39 AM Karl Wittnebel > > wrote: > > > > > Get a pi hole. I run something similar at home on a unifi security > > > gateway: > > > > > > > > > https://community.ui.com/questions/HowTo-Ad-blocking-using-dnsmasq-d- > > i > > > nstead-of-etc-hosts/1598a96d-28af-4f3f-ab96-97bccdb897b3#M66463 > > > > > > https://en.m.wikipedia.org/wiki/Pi-hole > > > > > > Anyway you can block whatever you want. E.g. facebook, youtube. It is > > > a scorched earth approach but it works well. You can configure it to > > > auto update using various lists of ad servers and then customize > website lists. > > > > > > If in a church, you should post a sign that internet access is > > > restricted in case any docs are communicating with patients etc by > > > internet so they can plan to be out of reach. Not such a bad thing, > > > really. Just need to notify. Something like "restricted internet > access only". > > > > > > > > > > > > On Sun, Aug 23, 2020, 4:59 AM Dan Penoff via Mercedes < > > > mercedes@okiebenz.com> wrote: > > > > > >> Only thing I can suggest is: > > >> > > >> 1.) Set up a password that’s simple and tell the congregation what it > > >> is; or, > > >> > > >> 2.) Get a consumer grade router in line with the existing access > > >> point and use it’s parental controls feature to filter. > > >> > > >> I’ve got an Asus router I use for my internal network and it’s got > > >> parental controls and filtering available as an option. > > >> > > >> -D > > >> > > >> > On Aug 23, 2020, at 2:38 AM, Scott Ritchey via Mercedes < > > >> mercedes@okiebenz.com> wrote: > > >> > > > >> > The school's hot spot is on their own LAN, not my problem. > > >> > > > >> > There are many functions other than church services, typically in > > >> > the > > >> fellowship hall (church meetings, parties, weddings/funerals, > > >> men/women/senior groups, etc.) where folks want their cell phones to > > work. > > >> If they don't connect to the Wi-Fi those cell phone batteries go down > > >> fast as the phones try to ping a tower transmitting at max power. > > >> > > > >> > I could add a password but then would need tell everyone. > > >> > > > >> > I already configured OpenDNS but still looking for something > > >> > better. I > > >> plan to install a Unifi Security Gateway so I'm looking for a way to > > >> use that. There are many consumer routers that could be adapted and > > >> security appliances (without routing), like Circle. Still looking. > > >> > > > >> >> -Original Message- > > >> &g
Re: [MBZ] OT: Internet filtering
Kark, Thanks. I have some studying to do. I will have a Unifi Security Gateway there eventually, probably after when the weather cools and the attic is more bearable (need to run cables). I was hoping thr USGhelp (I mean it is a security gateway). Pi-Hole sounds very promising. The USG looked simple until I got into it. > -Original Message- > From: Mercedes [mailto:mercedes-boun...@okiebenz.com] On Behalf Of Karl > Wittnebel via Mercedes > Sent: Tuesday, August 25, 2020 1:14 PM > To: Mercedes Discussion List > Cc: Karl Wittnebel > Subject: Re: [MBZ] OT: Internet filtering > > Here is a helpful link: > > https://community.ui.com/questions/HowTo-Ad-blocking-using-dnsmasq-d- > instead-of-etc-hosts/1598a96d-28af-4f3f-ab96-97bccdb897b3#M66463 > > On Tue, Aug 25, 2020, 9:39 AM Karl Wittnebel > wrote: > > > Get a pi hole. I run something similar at home on a unifi security > > gateway: > > > > > > https://community.ui.com/questions/HowTo-Ad-blocking-using-dnsmasq-d- > i > > nstead-of-etc-hosts/1598a96d-28af-4f3f-ab96-97bccdb897b3#M66463 > > > > https://en.m.wikipedia.org/wiki/Pi-hole > > > > Anyway you can block whatever you want. E.g. facebook, youtube. It is > > a scorched earth approach but it works well. You can configure it to > > auto update using various lists of ad servers and then customize website > > lists. > > > > If in a church, you should post a sign that internet access is > > restricted in case any docs are communicating with patients etc by > > internet so they can plan to be out of reach. Not such a bad thing, > > really. Just need to notify. Something like "restricted internet access > > only". > > > > > > > > On Sun, Aug 23, 2020, 4:59 AM Dan Penoff via Mercedes < > > mercedes@okiebenz.com> wrote: > > > >> Only thing I can suggest is: > >> > >> 1.) Set up a password that’s simple and tell the congregation what it > >> is; or, > >> > >> 2.) Get a consumer grade router in line with the existing access > >> point and use it’s parental controls feature to filter. > >> > >> I’ve got an Asus router I use for my internal network and it’s got > >> parental controls and filtering available as an option. > >> > >> -D > >> > >> > On Aug 23, 2020, at 2:38 AM, Scott Ritchey via Mercedes < > >> mercedes@okiebenz.com> wrote: > >> > > >> > The school's hot spot is on their own LAN, not my problem. > >> > > >> > There are many functions other than church services, typically in > >> > the > >> fellowship hall (church meetings, parties, weddings/funerals, > >> men/women/senior groups, etc.) where folks want their cell phones to > work. > >> If they don't connect to the Wi-Fi those cell phone batteries go down > >> fast as the phones try to ping a tower transmitting at max power. > >> > > >> > I could add a password but then would need tell everyone. > >> > > >> > I already configured OpenDNS but still looking for something > >> > better. I > >> plan to install a Unifi Security Gateway so I'm looking for a way to > >> use that. There are many consumer routers that could be adapted and > >> security appliances (without routing), like Circle. Still looking. > >> > > >> >> -Original Message- > >> >> From: Allan Streib via Mercedes > >> >> Subject: Re: [MBZ] OT: Internet filtering > >> >> > >> >> Ask the school what they do. > >> >> > >> >> Ideally the school hot spot will be on the school network via a VPN. > >> >> > >> >> As far as accessing the passwordless guest network, you have that > >> problem > >> >> regardless. I'd suggest putting a password on it, or maybe setting > >> >> up > >> a captive > >> >> portal like at a hotel. Depends how much you really want to manage it. > >> >> > >> >> Anyway, who is using their cell phone during church? > >> >> > >> >> > >> >> Scott Ritchey via Mercedes writes: > >> >> > >> >>> Our church LAN has a “guest” SSID that does not require a password. > >> This > >> >> guest SSID is very helpful for cell phones because the aluminum > >> >> siding > >> blocks > >> >> regular cell signals. So far, this was not a problem because we &
Re: [MBZ] OT: Internet filtering
Here is a helpful link: https://community.ui.com/questions/HowTo-Ad-blocking-using-dnsmasq-d-instead-of-etc-hosts/1598a96d-28af-4f3f-ab96-97bccdb897b3#M66463 On Tue, Aug 25, 2020, 9:39 AM Karl Wittnebel wrote: > Get a pi hole. I run something similar at home on a unifi security > gateway: > > > https://community.ui.com/questions/HowTo-Ad-blocking-using-dnsmasq-d-instead-of-etc-hosts/1598a96d-28af-4f3f-ab96-97bccdb897b3#M66463 > > https://en.m.wikipedia.org/wiki/Pi-hole > > Anyway you can block whatever you want. E.g. facebook, youtube. It is a > scorched earth approach but it works well. You can configure it to auto > update using various lists of ad servers and then customize website lists. > > If in a church, you should post a sign that internet access is restricted > in case any docs are communicating with patients etc by internet so they > can plan to be out of reach. Not such a bad thing, really. Just need to > notify. Something like "restricted internet access only". > > > > On Sun, Aug 23, 2020, 4:59 AM Dan Penoff via Mercedes < > mercedes@okiebenz.com> wrote: > >> Only thing I can suggest is: >> >> 1.) Set up a password that’s simple and tell the congregation what it is; >> or, >> >> 2.) Get a consumer grade router in line with the existing access point >> and use it’s parental controls feature to filter. >> >> I’ve got an Asus router I use for my internal network and it’s got >> parental controls and filtering available as an option. >> >> -D >> >> > On Aug 23, 2020, at 2:38 AM, Scott Ritchey via Mercedes < >> mercedes@okiebenz.com> wrote: >> > >> > The school's hot spot is on their own LAN, not my problem. >> > >> > There are many functions other than church services, typically in the >> fellowship hall (church meetings, parties, weddings/funerals, >> men/women/senior groups, etc.) where folks want their cell phones to work. >> If they don't connect to the Wi-Fi those cell phone batteries go down fast >> as the phones try to ping a tower transmitting at max power. >> > >> > I could add a password but then would need tell everyone. >> > >> > I already configured OpenDNS but still looking for something better. I >> plan to install a Unifi Security Gateway so I'm looking for a way to use >> that. There are many consumer routers that could be adapted and security >> appliances (without routing), like Circle. Still looking. >> > >> >> -Original Message- >> >> From: Allan Streib via Mercedes >> >> Subject: Re: [MBZ] OT: Internet filtering >> >> >> >> Ask the school what they do. >> >> >> >> Ideally the school hot spot will be on the school network via a VPN. >> >> >> >> As far as accessing the passwordless guest network, you have that >> problem >> >> regardless. I'd suggest putting a password on it, or maybe setting up >> a captive >> >> portal like at a hotel. Depends how much you really want to manage it. >> >> >> >> Anyway, who is using their cell phone during church? >> >> >> >> >> >> Scott Ritchey via Mercedes writes: >> >> >> >>> Our church LAN has a “guest” SSID that does not require a password. >> This >> >> guest SSID is very helpful for cell phones because the aluminum siding >> blocks >> >> regular cell signals. So far, this was not a problem because we had >> few >> >> “outsiders.” Our ISP provider (Time-Warner/Spectrum) provides an ARRIS >> >> DG1670a modem/router, which does not appear to have any useful >> “parental >> >> controls.” >> >>> >> >>> Soon we will be a “hot spot” where school children can come to our >> parking >> >> lot to download school materials (if they don’t have high-speed >> internet at >> >> home). The school system provides the hot spot equipment but visitors >> will >> >> also see our church Wi-Fi on their devices. >> >>> >> >>> I want to avoid the situation where school kids (or others) access >> >> inappropriate sites, particularly on the church LAN. OpenDNS offers >> some >> >> filtering but only for “new” DNS requests and it doesn’t block >> anonymizers >> >> (like Tor). >> >>> >> >>> I know there is much computer expertise on this site so I thought I’d >> ask for >> >> recommendations. >> >>> >> >&g
Re: [MBZ] OT: Internet filtering
Get a pi hole. I run something similar at home on a unifi security gateway: https://community.ui.com/questions/HowTo-Ad-blocking-using-dnsmasq-d-instead-of-etc-hosts/1598a96d-28af-4f3f-ab96-97bccdb897b3#M66463 https://en.m.wikipedia.org/wiki/Pi-hole Anyway you can block whatever you want. E.g. facebook, youtube. It is a scorched earth approach but it works well. You can configure it to auto update using various lists of ad servers and then customize website lists. If in a church, you should post a sign that internet access is restricted in case any docs are communicating with patients etc by internet so they can plan to be out of reach. Not such a bad thing, really. Just need to notify. Something like "restricted internet access only". On Sun, Aug 23, 2020, 4:59 AM Dan Penoff via Mercedes wrote: > Only thing I can suggest is: > > 1.) Set up a password that’s simple and tell the congregation what it is; > or, > > 2.) Get a consumer grade router in line with the existing access point and > use it’s parental controls feature to filter. > > I’ve got an Asus router I use for my internal network and it’s got > parental controls and filtering available as an option. > > -D > > > On Aug 23, 2020, at 2:38 AM, Scott Ritchey via Mercedes < > mercedes@okiebenz.com> wrote: > > > > The school's hot spot is on their own LAN, not my problem. > > > > There are many functions other than church services, typically in the > fellowship hall (church meetings, parties, weddings/funerals, > men/women/senior groups, etc.) where folks want their cell phones to work. > If they don't connect to the Wi-Fi those cell phone batteries go down fast > as the phones try to ping a tower transmitting at max power. > > > > I could add a password but then would need tell everyone. > > > > I already configured OpenDNS but still looking for something better. I > plan to install a Unifi Security Gateway so I'm looking for a way to use > that. There are many consumer routers that could be adapted and security > appliances (without routing), like Circle. Still looking. > > > >> -Original Message- > >> From: Allan Streib via Mercedes > >> Subject: Re: [MBZ] OT: Internet filtering > >> > >> Ask the school what they do. > >> > >> Ideally the school hot spot will be on the school network via a VPN. > >> > >> As far as accessing the passwordless guest network, you have that > problem > >> regardless. I'd suggest putting a password on it, or maybe setting up a > captive > >> portal like at a hotel. Depends how much you really want to manage it. > >> > >> Anyway, who is using their cell phone during church? > >> > >> > >> Scott Ritchey via Mercedes writes: > >> > >>> Our church LAN has a “guest” SSID that does not require a password. > This > >> guest SSID is very helpful for cell phones because the aluminum siding > blocks > >> regular cell signals. So far, this was not a problem because we had few > >> “outsiders.” Our ISP provider (Time-Warner/Spectrum) provides an ARRIS > >> DG1670a modem/router, which does not appear to have any useful “parental > >> controls.” > >>> > >>> Soon we will be a “hot spot” where school children can come to our > parking > >> lot to download school materials (if they don’t have high-speed > internet at > >> home). The school system provides the hot spot equipment but visitors > will > >> also see our church Wi-Fi on their devices. > >>> > >>> I want to avoid the situation where school kids (or others) access > >> inappropriate sites, particularly on the church LAN. OpenDNS offers > some > >> filtering but only for “new” DNS requests and it doesn’t block > anonymizers > >> (like Tor). > >>> > >>> I know there is much computer expertise on this site so I thought I’d > ask for > >> recommendations. > >>> > >>> Cheers, Scott > >>> > >> > >> ___ > >> http://www.okiebenz.com > >> > >> To search list archives http://www.okiebenz.com/archive/ > >> > >> To Unsubscribe or change delivery options go to: > >> http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com > > > > > > > > ___ > > http://www.okiebenz.com > > > > To search list archives http://www.okiebenz.com/archive/ > > > > To Unsubscribe or change delivery options go to: > > http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com > > > > > ___ > http://www.okiebenz.com > > To search list archives http://www.okiebenz.com/archive/ > > To Unsubscribe or change delivery options go to: > http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com > > ___ http://www.okiebenz.com To search list archives http://www.okiebenz.com/archive/ To Unsubscribe or change delivery options go to: http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com
Re: [MBZ] OT: Internet filtering
Step 1: make sure the hotspots are clearly named as being for school use or church use. Step 2 (optional): stick a password like JesusSaves on the church hotspot. ___ http://www.okiebenz.com To search list archives http://www.okiebenz.com/archive/ To Unsubscribe or change delivery options go to: http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com
Re: [MBZ] OT: Internet filtering
Only thing I can suggest is: 1.) Set up a password that’s simple and tell the congregation what it is; or, 2.) Get a consumer grade router in line with the existing access point and use it’s parental controls feature to filter. I’ve got an Asus router I use for my internal network and it’s got parental controls and filtering available as an option. -D > On Aug 23, 2020, at 2:38 AM, Scott Ritchey via Mercedes > wrote: > > The school's hot spot is on their own LAN, not my problem. > > There are many functions other than church services, typically in the > fellowship hall (church meetings, parties, weddings/funerals, > men/women/senior groups, etc.) where folks want their cell phones to work. > If they don't connect to the Wi-Fi those cell phone batteries go down fast as > the phones try to ping a tower transmitting at max power. > > I could add a password but then would need tell everyone. > > I already configured OpenDNS but still looking for something better. I plan > to install a Unifi Security Gateway so I'm looking for a way to use that. > There are many consumer routers that could be adapted and security appliances > (without routing), like Circle. Still looking. > >> -Original Message----- >> From: Allan Streib via Mercedes >> Subject: Re: [MBZ] OT: Internet filtering >> >> Ask the school what they do. >> >> Ideally the school hot spot will be on the school network via a VPN. >> >> As far as accessing the passwordless guest network, you have that problem >> regardless. I'd suggest putting a password on it, or maybe setting up a >> captive >> portal like at a hotel. Depends how much you really want to manage it. >> >> Anyway, who is using their cell phone during church? >> >> >> Scott Ritchey via Mercedes writes: >> >>> Our church LAN has a “guest” SSID that does not require a password. This >> guest SSID is very helpful for cell phones because the aluminum siding blocks >> regular cell signals. So far, this was not a problem because we had few >> “outsiders.” Our ISP provider (Time-Warner/Spectrum) provides an ARRIS >> DG1670a modem/router, which does not appear to have any useful “parental >> controls.” >>> >>> Soon we will be a “hot spot” where school children can come to our parking >> lot to download school materials (if they don’t have high-speed internet at >> home). The school system provides the hot spot equipment but visitors will >> also see our church Wi-Fi on their devices. >>> >>> I want to avoid the situation where school kids (or others) access >> inappropriate sites, particularly on the church LAN. OpenDNS offers some >> filtering but only for “new” DNS requests and it doesn’t block anonymizers >> (like Tor). >>> >>> I know there is much computer expertise on this site so I thought I’d ask >>> for >> recommendations. >>> >>> Cheers, Scott >>> >> >> ___ >> http://www.okiebenz.com >> >> To search list archives http://www.okiebenz.com/archive/ >> >> To Unsubscribe or change delivery options go to: >> http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com > > > > ___ > http://www.okiebenz.com > > To search list archives http://www.okiebenz.com/archive/ > > To Unsubscribe or change delivery options go to: > http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com > ___ http://www.okiebenz.com To search list archives http://www.okiebenz.com/archive/ To Unsubscribe or change delivery options go to: http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com
Re: [MBZ] OT: Internet filtering
The school's hot spot is on their own LAN, not my problem. There are many functions other than church services, typically in the fellowship hall (church meetings, parties, weddings/funerals, men/women/senior groups, etc.) where folks want their cell phones to work. If they don't connect to the Wi-Fi those cell phone batteries go down fast as the phones try to ping a tower transmitting at max power. I could add a password but then would need tell everyone. I already configured OpenDNS but still looking for something better. I plan to install a Unifi Security Gateway so I'm looking for a way to use that. There are many consumer routers that could be adapted and security appliances (without routing), like Circle. Still looking. > -Original Message- > From: Allan Streib via Mercedes > Subject: Re: [MBZ] OT: Internet filtering > > Ask the school what they do. > > Ideally the school hot spot will be on the school network via a VPN. > > As far as accessing the passwordless guest network, you have that problem > regardless. I'd suggest putting a password on it, or maybe setting up a > captive > portal like at a hotel. Depends how much you really want to manage it. > > Anyway, who is using their cell phone during church? > > > Scott Ritchey via Mercedes writes: > > > Our church LAN has a “guest” SSID that does not require a password. This > guest SSID is very helpful for cell phones because the aluminum siding blocks > regular cell signals. So far, this was not a problem because we had few > “outsiders.” Our ISP provider (Time-Warner/Spectrum) provides an ARRIS > DG1670a modem/router, which does not appear to have any useful “parental > controls.” > > > > Soon we will be a “hot spot” where school children can come to our parking > lot to download school materials (if they don’t have high-speed internet at > home). The school system provides the hot spot equipment but visitors will > also see our church Wi-Fi on their devices. > > > > I want to avoid the situation where school kids (or others) access > inappropriate sites, particularly on the church LAN. OpenDNS offers some > filtering but only for “new” DNS requests and it doesn’t block anonymizers > (like Tor). > > > > I know there is much computer expertise on this site so I thought I’d ask > > for > recommendations. > > > > Cheers, Scott > > > > ___ > http://www.okiebenz.com > > To search list archives http://www.okiebenz.com/archive/ > > To Unsubscribe or change delivery options go to: > http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com ___ http://www.okiebenz.com To search list archives http://www.okiebenz.com/archive/ To Unsubscribe or change delivery options go to: http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com
Re: [MBZ] OT: Internet filtering
Ask the school what they do. Ideally the school hot spot will be on the school network via a VPN. As far as accessing the passwordless guest network, you have that problem regardless. I'd suggest putting a password on it, or maybe setting up a captive portal like at a hotel. Depends how much you really want to manage it. Anyway, who is using their cell phone during church? Scott Ritchey via Mercedes writes: > Our church LAN has a “guest” SSID that does not require a password. This > guest SSID is very helpful for cell phones because the aluminum siding blocks > regular cell signals. So far, this was not a problem because we had few > “outsiders.” Our ISP provider (Time-Warner/Spectrum) provides an ARRIS > DG1670a modem/router, which does not appear to have any useful “parental > controls.” > > Soon we will be a “hot spot” where school children can come to our parking > lot to download school materials (if they don’t have high-speed internet at > home). The school system provides the hot spot equipment but visitors will > also see our church Wi-Fi on their devices. > > I want to avoid the situation where school kids (or others) access > inappropriate sites, particularly on the church LAN. OpenDNS offers some > filtering but only for “new” DNS requests and it doesn’t block anonymizers > (like Tor). > > I know there is much computer expertise on this site so I thought I’d ask for > recommendations. > > Cheers, Scott > ___ http://www.okiebenz.com To search list archives http://www.okiebenz.com/archive/ To Unsubscribe or change delivery options go to: http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com
[MBZ] OT: Internet filtering
Our church LAN has a “guest” SSID that does not require a password. This guest SSID is very helpful for cell phones because the aluminum siding blocks regular cell signals. So far, this was not a problem because we had few “outsiders.” Our ISP provider (Time-Warner/Spectrum) provides an ARRIS DG1670a modem/router, which does not appear to have any useful “parental controls.” Soon we will be a “hot spot” where school children can come to our parking lot to download school materials (if they don’t have high-speed internet at home). The school system provides the hot spot equipment but visitors will also see our church Wi-Fi on their devices. I want to avoid the situation where school kids (or others) access inappropriate sites, particularly on the church LAN. OpenDNS offers some filtering but only for “new” DNS requests and it doesn’t block anonymizers (like Tor). I know there is much computer expertise on this site so I thought I’d ask for recommendations. Cheers, Scott ___ http://www.okiebenz.com To search list archives http://www.okiebenz.com/archive/ To Unsubscribe or change delivery options go to: http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com
